Visa Europe is prepping the continent for widespread mobile payment rollout with its new tokenization tech—the same kind of tokenization that makes it possible for Apple Pay to function securely.

In mid-April, the company is going to offer its new tokenization service to financial institutions in Europe, where NFC payments are already widespread thanks to chip-and-pin cards. Transactions using contactless payments will soon submit tokens, or randomly generated card numbers, instead of actual card details. Tokenization adds an extra layer of security to mobile payments and has been one of Apple Pay’s main selling points over traditional cards.

An update to 1Password brings time-based one-time passwords (TOTP for short) to its iOS app. A one-time password is typically used as a second element in two-factor authentication (2FA), a subject I’ve written about many times in this column. But, as noted in a sensible and honest post by AgileBits, 1Password’s developer, a second factor isn’t always a second factor.

A TOTP requires a seed code that, when transformed through an algorithm that includes the precise current time, produces a number that’s converted into a short code, typically six digits long. In order to use a TOTP at a site that offers it, you walk through its enrollment process, which involves scanning a two-dimensional QR Code and generating one-time backup or recovery keys. The QR Code graphically represents the seed that both you and the site retain. (Some sites offer the seed as a code you can tap in as well.)

http://www.macworld.com/article/2877616/1passwords-update-highlights-the-difference-between-two-step-and-two-factor-verification.html#tk.rss_news

Security: How and why you should use a VPN to protect your data's final mile (Fri, 16 Jan 2015 03:57:00 -0800, Glenn Fleishman)

Your greatest security and privacy risk relates to data in transit, as it passes to and from your devices. In a coffeeshop, airport, or other public space using Wi-Fi, your information passes in the clear between your hardware and the network’s hub. You may not be sure how and whether the hotspot secures access to the wired side of its routers, either.

Even if you’re using a secure Wi-Fi network at home, work, or school—or even wired Ethernet—your bits still pass across a broadband modem and through intermediate points on the Internet before reaching the destination server and vice-versa. (Cellular networks are generally considered quite secure unless you are being either individually targeted or swept into a government-backed interception project.)

If we’ve learned anything from the last few years, it’s that given the opportunity to snoop on or scarf up our data or our metadata, criminals, business, and governments have a lot in common. They may have different ends that drive why they want to look at our email and transactions, listen in to phone calls, track with whom we communicate, and follow our location, but it all involves a lack of consent.

We can take action into our hands and reject their assault on our privacy by encrypting as much of our data as we can, mostly in transit when it’s at its most vulnerable. Tools have never been more powerful, and we’ve never had as many options from which to choose. It’s about to get even better.

I’ve been stressing two-factor authentication (2FA), or two-step verification, in my early columns here at Private I, because I believe most people avoid using this extra protection for their accounts due to the fuss and management, and may think it will lock them out of access or require an extra step when it’s unnecessary.

But 2FA isn’t an obstacle course with bottomless pits. It’s more like a flu vaccination. If you’re not feeling ill and aren’t worried about getting sick, you might skip the inoculation. That does you a fat lot of good when you’re laid up for two weeks with aches and fevers with one of the strains covered by the current shot—and you’ve infected all your coworkers.

There are a handful of Mac (and iOS) apps that nearly everyone we know uses. 1Password is one of them. You really do need a password manager to stay safe out there, and 1Password is as close to a default choice as any other product.

Recently, at Macworld/iWorld 2014, iMore's Rene Ritchie had a chance to catch up with Dave Teare—co-founder of AgileBits, the vendor behind 1Password—and to hear about what's new with the app, including version 4.5 for iOS (redesigned for iOS 7) and the app's appearance on Android.